Security Management and Electronic Crime

 

Ollivier’s security executives provide leadership that spans I.T., facility operations, and senior management. Find out how Ollivier can mitigate risk and reduce expenses from security assessments, electronic crime, and compliance auditing. Most importantly, learn Ollivier’s primary edge: our ability to understand each and every client’s specific vision, mission, goals, and strategic objectives. By assessing our client’s enterprise security posture, we can effectively ensure that critical security areas are aligned with organizational business objectives, taking into account associated business risks and reducing operating expenses.

 

In 2004, Ollivier President Dr. Joel Rakow began demonstrating to senior executives that fortress-style security and crisis management do not work when confronted with electronic crime. He coined the term eCrime to represent identity theft, hacking, denial of service, electronic espionage, and other crimes perpetrated over computing networks, including the Internet. He advocates replacing the now-dated, traditional approaches to electronic crime because they fail in the face of the tremendous volume of eCrime incidents, remote proximity between perpetrators, servers, and victims, as well as disparate jurisdictions. eCrime cannot be defended by technical staff alone. Dr. Rakow provides leadership for many companies and their executives in how to deploy new strategies and solutions. He leads and guides senior management in a close and coordinated process. He bridges the span of IT management’s control, providing executive leadership to the CEO, CFO, and/or COO as required. He does this with business ranging from small startups to the some of the largest companies in the world.

 

Executive experience and judgment, governance, IT expertise, and experience with law enforcement agencies and tactics are all required, and these areas of intelligence must be coordinated. No matter what business you are in, eCrime warrants the attention of senior management before a crisis, if possible. Simply talk to Dr. Rakow about the issue of eCrime and implementing Ollivier’s modern solutions; not only will you see eCrime in an entirely new light, but your risk management can be more effective than ever before.

 

Ollivier takes pride it its eCrime practice, founded on its uniquely forward-looking and effective vision for a low-cost, well-managed approach to protecting the corporation, shareholders, and shareholder value. Ollivier will formulate a version of its vision into a plan tailored to your organization, and we help you champion and implement this plan with your senior executives, peers, and colleagues.

 

Ask Ollivier how the following initiatives might help your organization:

 

  • Executive leadership of an eCrime initiative
  • Leadership of Advisory Boards and Steering Committees
  • Integration of Physical and Data Access Controls with Human Resources
  • Technology Leadership for Physical Security Managers
  • Data Security Assessment and Planning including Emergency Management Plans
  • Enterprise Security Plans
  • Mentoring Data Security Managers in Physical Security
  • Security Software and Application Testing
  • Implementation of a governance program
  • Compliance with Sarbannes-Oxley, SB 1386, and others

 

Security Assessments

Security Assessments are an excellent way to evaluate your existing security program and a great first step to take prior to making security improvements at your facility or trying to solve a specific security problem.

 

During a Security Assessment, all aspects of your security program are examined. This includes indentifying any weaknesses, providing suggestions for security improvements, and pointing out opportunities in which costs can be reduced or security operations can be made more efficient.

 

The Security Assessment process developed by Ollivier has been used to successfully conduct hundreds of assessments at wide variety of corporate, institutional, and governmental facilities over the past 25 years. Moreover, our assessment process is constantly evolving as we keep on the forefront of news, new products and procedures, and the latest security best practices, allowing us to better serve you and better our method each day.

 

The Security Assessment uses a structured, formal analysis process that allows us to develop a deep understanding of your business, operating conditions, corporate culture, and unique security risks and threats.

 

While client involvement is crucial to success, our consultants facilitate the assessment every step of the way, keeping the project on track, and making sure that all important elements are examined.

 

Ollivier's Security Assessment is custom-tailored for each project, but typically includes the following tasks:

 

  • Risk identification and analysis
  • Threat and vulnerability assessment
  • Review of site and facility security
  • Analysis of crime data including loss history, police calls for service, crime statistics, and crime forecast reports
  • Review of degree of compliance with recognized CPTED (Crime Prevention Through Environmental Design)
  • Review of degree of compliance with security requirements that are specific to your industry, such as C-TPAT (Customs-Trade Partnership Against Terrorism), FISMA (Federal Information Security Management Act), HIPAA (Health Insurance Portability and Accountability Act), PCI (Payment Card Industry), Joint Commission, and security requirements imposed by regulatory agencies
  • Review of facility operating procedures
  • Review of physical security systems
  • Review of electronic security systems
  • Review of architectural security
  • Review of security policies and procedures
  • Review of security management
  • Review of security personnel
  • Evaluation of present security program and identification of weaknesses and vulnerabilities
  • Development of recommendations for security improvements
  • Identification of short and long-term costs
  • Prioritization of recommendations and development of implementation plan
  • Preparation of written Security Assessment Report

 

The Security Assessment Process

 

So, what can you expect when we conduct a Security Assessment at your facility? The following is a brief outline of the typical assessment process:

 

1.   Prior to coming to your site, we will request a number of documents for our use during the assessment. These typically include plans of the site and buildings, copies of any existing security policies and procedures, samples of various types of forms, company telephone directory, employee handbook, and other similar items. We only want what you already have; if there is something on our request list that is not available, it is not a problem.

 

2.   We will work with you to identify the people within your organization that we would like to interview. The goal is to obtain a good cross-representation of all of the major operating and support departments within your organization. Typically, this would include members of senior management (CEO, CFO, CIO, etc.), department heads, and people who occupy roles that are directly related to security, such as building receptionists, security officers, and shipping/receiving personnel. A typical interview session lasts between 30 and 45 minutes.

 

3.   When we first arrive on site, we will start by conducting an in-depth interview with the person who presently serves as “Security Manager” for the facility. This may be an actual Security Manager, or it may be the facility’s manager or other individual who manages the security function for the organization. This interview session covers a lot of detail and typically lasts 2 to 3 hours. After this interview, we ask this person to give us a brief guided tour of the facility.

 

4.   We then begin conducting individual interview sessions with each of the employees identified in Step #2 above. Depending on the size of the organization, this process could take one, two, or several days.

 

5.   At the conclusion of the interviews, we will conduct detailed inspections of certain areas of the facility and site. We may also spend extended periods of time observing particular areas of your facility, such as the building lobby or shipping/receiving loading docks.

 

6.   We will return at night with our light meter to take lighting measurements in your parking lots and other areas of the site. We will also take advantage of this opportunity to observe how your facility operates at night, and to get a general feel for the neighborhood during hours of darkness.

 

7.   At the conclusion of our visit to your site, we will meet with you to provide an update on our progress and to discuss the next steps in the process. At this point it may be possible to offer some preliminary findings and recommendations, but in most cases, we will need time to process and analyze the data gathered before we can give you any meaningful insights.

 

8.   We then return to our offices and begin our formal Security Assessment process. During this process, we identify your critical assets, analyze potential threats, review loss history, study crime forecasts for your site, evaluate existing security measures, and pinpoint potential weaknesses and areas for improvements. At the conclusion of this process, we begin to write the draft Security Assessment Report. It normally takes between two and three weeks from the time we complete our site visit to the time when we complete our report.

 

9.   While we are preparing the report, we often uncover things that require further investigation and study. In some cases, this may require that we return to the site to conduct additional interviews or to examine certain areas or operations more closely. We may also request certain additional documents and/or other information that is available from within your organization.

 

10.  When the draft Security Assessment Report is completed, we will send it to you for review. After you have had an opportunity to digest the document, we will meet with you in person or via teleconference to go over the report in detail and respond to any questions or comments you may have.

 

11.  Once we have obtained your input, we will then prepare a final Security Assessment Report that incorporates your comments and provides answers to your questions. If desired, we can make a formal presentation of the Security Assessment Report to your senior management team or others.

 

12.  At the conclusion of the assessment process, we remain available to assist you with implementation of the recommendations contained within our report. This can include, but is not limited to, identifying vendors and sources of products and services, reviewing bid proposals, developing security policies and procedures, and providing training.